[Samba] Re: winbind: BUILTIN\users group gid 1001 conflict

Christoph Peus cp at uni-wh.de
Thu Apr 5 08:48:15 GMT 2007

Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Christoph Peus wrote:
>> Don Piven wrote:
>>> Sez Christoph Peus:
>>>> Hi everybody,
>>>> I've joined a fileserver running samba 3.0.24 to an AD domain using
>>>> winbind and noticed that samba maps the "users" group SID
>>>> (5-1-5-32-545)  to gid 1001 automatically. This seems to conflict
>>>> with one of ~2000 mappings I had to "inject" in winbinds
>>>> winbindd_idmap.tdb by use of net idmap dump/restore, because the
> I don't remember but I assume the restore sets the UID and
> GID HWM values right ?

Yes, it does.

At the moment it looks like this (and the numbers haven't changed much 
since I have imported the mappings to winbindd_idmap initially):

lunkwill / # net idmap dump /var/cache/samba/winbindd_idmap.tdb | grep HWM
USER HWM 51674

>> Thanks for the hint, but both are set to 1000-60000, 
>> which is - as far as I know - the correct setting
>> if domain users/groups SIDs shall resolve to uids/gids
>> of this range.
> Definitely sounds like the HWM values are wrong.  Winbindd
> uses these records to determine the next available uid/gid
> which can be allocated.

Hmmm... when does winbindd allocate a gid for the "Users"-group SID? At 
startup time? (I couldn't find a reference to S-1-5-32-545 in the 
winbindd*.tdb files, so I guess that this is done on every startup...)
With the HWM values you see above I don't know why winbindd allocates 
the gid 1001 to the "Users"-group.
Thanks for your support!


More information about the samba mailing list